<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: No CSRF Token loaded from session store. in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/No-CSRF-Token-loaded-from-session-store/m-p/539202#M25884</link>
    <description>&lt;P&gt;Based on the context and version number you supplied, it sounds like you're using &lt;A href="https://github.com/dropbox/dropbox-sdk-java" target="_self"&gt;the official Dropbox API v2 Java SDK&lt;/A&gt;. Can you also share the relevant code snippet(s) (but don't include any access/refresh token(s)), as well as the steps you're following when this issue occurs? Thanks in advance!&lt;/P&gt;</description>
    <pubDate>Fri, 13 Aug 2021 16:00:41 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2021-08-13T16:00:41Z</dc:date>
    <item>
      <title>No CSRF Token loaded from session store.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/No-CSRF-Token-loaded-from-session-store/m-p/539191#M25883</link>
      <description>&lt;P&gt;I'm trying to integrate a spring boot application with Dropbox, the application is working perfectly locally however I have this error "No CSRF Token loaded from session store." in production. I'm using SDK 4.0.0.&lt;/P&gt;
&lt;P&gt;Note: The application works a few times in production but the error continues most of the time&lt;/P&gt;</description>
      <pubDate>Fri, 13 Aug 2021 13:46:06 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/No-CSRF-Token-loaded-from-session-store/m-p/539191#M25883</guid>
      <dc:creator>joelaugusto97</dc:creator>
      <dc:date>2021-08-13T13:46:06Z</dc:date>
    </item>
    <item>
      <title>Re: No CSRF Token loaded from session store.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/No-CSRF-Token-loaded-from-session-store/m-p/539202#M25884</link>
      <description>&lt;P&gt;Based on the context and version number you supplied, it sounds like you're using &lt;A href="https://github.com/dropbox/dropbox-sdk-java" target="_self"&gt;the official Dropbox API v2 Java SDK&lt;/A&gt;. Can you also share the relevant code snippet(s) (but don't include any access/refresh token(s)), as well as the steps you're following when this issue occurs? Thanks in advance!&lt;/P&gt;</description>
      <pubDate>Fri, 13 Aug 2021 16:00:41 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/No-CSRF-Token-loaded-from-session-store/m-p/539202#M25884</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2021-08-13T16:00:41Z</dc:date>
    </item>
    <item>
      <title>Re: No CSRF Token loaded from session store.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/No-CSRF-Token-loaded-from-session-store/m-p/539325#M25890</link>
      <description>&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="java"&gt;import lombok.RequiredArgsConstructor;
import mz.co.instite.certifications.organization.domain.Organization;
import mz.co.instite.certifications.organization.infrastructure.persistence.OrganizationRepository;
import mz.co.instite.certifications.user.domain.User;
import mz.co.instite.certifications.user.domain.UserRole;
import mz.co.instite.certifications.user.infrastructure.UserRepository;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;

@Controller
@RequestMapping(path = "/api/v1/oauth/dbx")
@RequiredArgsConstructor
@CrossOrigin
public class DbxOauthController {
    private final DbxFileSystem dbxFileSystem;
    private final UserRepository userRepository;
    private final OrganizationRepository organizationRepository;
    private User user;

    /**
     * Begins the Dropbox OAuth flow for the caller.
     *
     * Delegates to {@code dbxFileSystem.authorize(request)} and returns the
     * "authorizeUrl" entry of the result as the body of a 200 response. When
     * that entry is missing, a 400 response with a fixed message is returned.
     *
     * @param request the incoming servlet request; its session is where the
     *                OAuth CSRF state ends up being stored
     * @return 200 with the authorization URL, or 400 when no URL was produced
     */
    @GetMapping("/start")
    public ResponseEntity&amp;lt;?&amp;gt; authStart(HttpServletRequest request) {
        Map&amp;lt;?, ?&amp;gt; result = dbxFileSystem.authorize(request);
        String url = (String) result.get("authorizeUrl");

        if (Objects.isNull(url)) {
            return ResponseEntity.badRequest().body("Falha ao autorizar o pedido.");
        }

        // The URL goes back as a response body rather than a server-side redirect
        // (the original kept this alternative commented out):
        //response.sendRedirect(authorizeUrl);
        //
        // NOTE(review): the CSRF state is tied to the session of THIS request. The
        // later call to /finish only succeeds if the browser presents the same
        // session cookie. If /start is called by a script from another origin
        // (the class carries @CrossOrigin), the session cookie may never be stored
        // or sent back; confirm how the front end calls this endpoint and whether
        // the session cookie reaches /finish in production.
        return ResponseEntity.ok(url);
    }

    /**
     * Completes the Dropbox OAuth flow from the redirect back to this app.
     *
     * Exchanges the redirect parameters for tokens through
     * {@code dbxFileSystem.getTokenFromUri(request)}, hands the access and
     * refresh tokens to {@code setAccessToken} (defined outside this excerpt),
     * and returns the token map as the response body. Any exception becomes a
     * 403 whose body is built from the exception message.
     *
     * @param request the redirect request; its session must be the one used
     *                when the flow was started
     * @return 200 with the token map, or 403 when the exchange fails
     */
    @GetMapping("/finish")
    @ResponseBody
    public ResponseEntity&amp;lt;Map&amp;lt;String, Object&amp;gt;&amp;gt; authFinish(HttpServletRequest request) {
        try {
            Map&amp;lt;String, Object&amp;gt; tokens = dbxFileSystem.getTokenFromUri(request);
            String access = (String) tokens.get("accessToken");
            String refresh = (String) tokens.get("refreshToken");
            setAccessToken(access, refresh);
            // NOTE(review): the access and refresh tokens are sent to the browser in
            // the response body, on a controller annotated with @CrossOrigin and no
            // origin list. A refresh token is a long-lived credential; unless the
            // client really needs it, keep the tokens server-side and return only a
            // success indicator.
            return ResponseEntity.ok(tokens);
        } catch (Exception ex) {
            // NOTE(review): every failure (CSRF mismatch, bad state, provider error,
            // programming error) maps to the same 403, and the raw exception message
            // is passed to exceptionToResponse (not shown here). Log the exception
            // server-side and check that the message exposes no internal detail.
            return ResponseEntity.status(HttpStatus.FORBIDDEN).body(exceptionToResponse(ex.getMessage()));
        }
    }
}&lt;/LI-CODE&gt;&lt;LI-CODE lang="java"&gt;import com.dropbox.core.*;
import com.dropbox.core.v2.DbxClientV2;
import com.dropbox.core.v2.DbxPathV2;
import com.dropbox.core.v2.files.*;
import mz.co.instite.certifications.infrastructure.fileSystem.FileResponse;
import org.springframework.beans.factory.annotation.Autowired;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Paths;
import java.util.*;
import java.util.stream.Collectors;

public class DbxFileSystem {
    @Autowired
    HttpServletRequest request;

    private final DbxRequestConfig requestConfig;
    private final String redirectUri;
    private DbxPKCEWebAuth pkceWebAuth;
    private final String sessionKey = "dbx-auth-csrf-token";
    private final String storagePath;
    private DbxAppInfo appInfo;
    private String accessToken;

    /**
     * Builds the Dropbox helper for one application key.
     *
     * @param appKey      Dropbox app key used to create the {@code DbxAppInfo}
     * @param redirectUri redirect URI passed to Dropbox in both halves of the flow
     * @param storagePath base path; a leading "/" is added when it is missing
     */
    public DbxFileSystem(String appKey, String redirectUri, String storagePath) {
        this.requestConfig = DbxRequestConfig.newBuilder("insite-certifications").build();
        this.redirectUri = redirectUri;
        this.appInfo = new DbxAppInfo(appKey);
        // NOTE(review): one DbxPKCEWebAuth is created here and kept in a field. It is
        // then used by every authorize()/getTokenFromUri() call made through this
        // object. If this object serves more than one user (it is injected into the
        // controller as a single field), concurrent OAuth flows share this instance;
        // confirm whether a PKCE helper per flow is required.
        this.pkceWebAuth = new DbxPKCEWebAuth(this.requestConfig, this.appInfo);
        if (storagePath.startsWith("/")) {
            this.storagePath = storagePath;
        } else {
            this.storagePath = "/" + storagePath;
        }
        this.accessToken = "";
    }

    /**
     * Starts an OAuth2 PKCE authorization after switching to another app key.
     *
     * Replaces the stored {@code DbxAppInfo} and then delegates to
     * {@link #authorize()}.
     *
     * NOTE(review): only {@code appInfo} is replaced here. The existing
     * {@code pkceWebAuth} was built from the previous {@code appInfo}, so the
     * new key is picked up only if {@code authorize()} ends up rebuilding
     * {@code pkceWebAuth} in its IllegalStateException branch. Confirm that
     * this is intended.
     *
     * @param appKey Dropbox app key to use from now on
     * @return a map holding the authorization URL under "authorizeUrl"
     */
    public Map&amp;lt;String, ?&amp;gt; authorize(String appKey) {
        DbxAppInfo replacement = new DbxAppInfo(appKey);
        this.appInfo = replacement;
        return this.authorize();
    }

    /**
     * Builds the Dropbox authorization URL for the current {@code request}.
     *
     * A session store bound to {@code request.getSession()} and
     * {@code sessionKey} is passed to the SDK together with the redirect URI,
     * and the scopes files.content.read and files.content.write are requested.
     * If the PKCE helper throws IllegalStateException, a new helper is created
     * and the call is repeated once.
     *
     * @return a map with the single key "authorizeUrl"
     */
    public Map&amp;lt;String, ?&amp;gt; authorize() {
        // NOTE(review): the CSRF state lives in this HTTP session under sessionKey.
        // finishFromRedirect later reads it from the session of the /finish request,
        // so both requests must resolve to the same session. Things to check in
        // production: whether the session cookie is actually sent back (cross-site
        // calls, cookie attributes behind a proxy) and whether several application
        // instances share session state.
        DbxSessionStore csrfStore = new DbxStandardSessionStore(request.getSession(), sessionKey);
        List&amp;lt;String&amp;gt; scopes = Arrays.asList("files.content.read","files.content.write");
        DbxWebAuth.Request authRequest = DbxWebAuth.newRequestBuilder()
                .withRedirectUri(redirectUri, csrfStore)
                .withScope(scopes)
                //.withTokenAccessType(TokenAccessType.ONLINE)
                .build();

        String url;
        try {
            url = pkceWebAuth.authorize(authRequest);
        } catch (java.lang.IllegalStateException stale) {
            // Presumably thrown when the helper was already used for a finished flow.
            // NOTE(review): replacing the shared field also discards the helper that
            // any other flow still waiting for its redirect would need.
            pkceWebAuth = new DbxPKCEWebAuth(requestConfig, appInfo);
            url = pkceWebAuth.authorize(authRequest);
        }

        Map&amp;lt;String, String&amp;gt; result = new HashMap&amp;lt;&amp;gt;();
        result.put("authorizeUrl", url);
        return result;
    }

    /**
     * Starts the authorization using the session of the given request.
     *
     * Stores {@code request} in the instance field and delegates to
     * {@link #authorize()}.
     *
     * NOTE(review): the request is written to a field of this object (the same
     * field is also marked {@code @Autowired}). If two requests run through the
     * same object at once, one can overwrite the other's request before
     * {@code authorize()} reads it, and the CSRF state would then be stored in
     * the wrong session. Passing the request as a parameter down to the code
     * that needs it avoids this.
     *
     * @param request the servlet request whose session receives the CSRF state
     * @return a map with the single key "authorizeUrl"
     */
    public Map&amp;lt;String, ?&amp;gt; authorize(HttpServletRequest request) {
        this.request = request;
        Map&amp;lt;String, ?&amp;gt; outcome = authorize();
        return outcome;
    }

    /**
     * Finishes the OAuth flow from the redirect request and returns the tokens.
     *
     * Calls {@code finishFromRedirect} with the redirect URI, a session store
     * bound to the session of {@code request} and {@code sessionKey}, and the
     * request parameters.
     *
     * @param request the redirect request received from Dropbox
     * @return a map with the keys "accessToken" and "refreshToken"
     * @throws DbxWebAuth.CsrfException and the other declared exceptions, as
     *         raised by the SDK when the redirect cannot be validated
     */
    public Map&amp;lt;String, Object&amp;gt; getTokenFromUri(HttpServletRequest request) throws DbxException, DbxWebAuth.NotApprovedException, DbxWebAuth.BadRequestException, DbxWebAuth.BadStateException, DbxWebAuth.CsrfException, DbxWebAuth.ProviderException {
        // The store reads from the session of the /finish request. If that is not the
        // session that was used when the flow started, nothing is found under
        // sessionKey and the SDK rejects the redirect.
        DbxSessionStore csrfStore = new DbxStandardSessionStore(request.getSession(), sessionKey);
        // NOTE(review): this uses the shared pkceWebAuth field; it has to be the very
        // instance that produced the authorization URL for this user.
        DbxAuthFinish finished = pkceWebAuth.finishFromRedirect(redirectUri, csrfStore, request.getParameterMap());

        // Both values are credentials: do not log them or echo them further than needed.
        Map&amp;lt;String, Object&amp;gt; result = new HashMap&amp;lt;&amp;gt;();
        result.put("accessToken", finished.getAccessToken());
        result.put("refreshToken", finished.getRefreshToken());
        return result;
    }
}&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Sat, 14 Aug 2021 19:58:54 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/No-CSRF-Token-loaded-from-session-store/m-p/539325#M25890</guid>
      <dc:creator>joelaugusto97</dc:creator>
      <dc:date>2021-08-14T19:58:54Z</dc:date>
    </item>
    <item>
      <title>Re: No CSRF Token loaded from session store.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/No-CSRF-Token-loaded-from-session-store/m-p/539585#M25893</link>
      <description>&lt;P&gt;Thanks! So it looks like you're hitting &lt;A href="https://github.com/dropbox/dropbox-sdk-java/blob/e52fc828c7c753e04c3fa9d47ab6de7e85d000c4/src/main/java/com/dropbox/core/DbxWebAuth.java#L525" target="_self"&gt;this error condition&lt;/A&gt; in the Dropbox Java SDK when calling finishFromRedirect here:&lt;/P&gt;
&lt;LI-CODE lang="java"&gt;DbxAuthFinish response = pkceWebAuth.finishFromRedirect(redirectUri, new DbxStandardSessionStore(request.getSession(), sessionKey), request.getParameterMap());&lt;/LI-CODE&gt;
&lt;P&gt;This occurs when &lt;A href="https://github.com/dropbox/dropbox-sdk-java/blob/e52fc828c7c753e04c3fa9d47ab6de7e85d000c4/src/main/java/com/dropbox/core/DbxStandardSessionStore.java#L40" target="_self"&gt;DbxStandardSessionStore.get&lt;/A&gt; returns null, which relies on the passed in session and sessionKey. It looks like you are passing in the same sessionKey, so the issue may be with the session itself.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Is there any reason your web app's session may not be persisting that attribute? You may want to print out the session, or step through with a debugger to inspect the DbxStandardSessionStore/HttpServletRequest/HttpSession. Be sure to redact any sensitive values from any output you share here, of course.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 16 Aug 2021 16:05:02 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/No-CSRF-Token-loaded-from-session-store/m-p/539585#M25893</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2021-08-16T16:05:02Z</dc:date>
    </item>
  </channel>
</rss>

